Browsed by
Author: Gregory

Calix Success Story

On the 8th, Calix flew out three people to Sandy to interview employees and customers about our fiber network. I finished my organizational behavior presentation by 10am and arrived in Sandy at 12. I was interviewed for 30 minutes about how I have utilized the northbound interfaces on different Calix software. No more than two weeks later, Calix released the video online, so I have embedded it here. Granted, I only appear for 30 seconds and ramble on about our Fiber Management System, but I am hoping that with other recent events I will be able to move forward a bit more and link my name to OSS fiber management solutions.

Calix 844-G Gigacenter CLI Command List

I have continued to update this page every time I find more information regarding a command. A lot of these commands are explained here.

? – Displays help list
help – Displays help list
logout – closes connection
exit – closes connection
quit – closes connection
reboot – soft reboot on ONT
brctl – bridge related commands
cat – cat file
df – prints filesystem usage statistics
loglevel – set or view current logging level for appnames
dumpcfg – dumps the contents of the config flash to screen
dumpmdm – dumps entire contents of the MDM
dumpeid – request smd to dump its Entity Info database
meminfo – dumps memory stats
kill – kills a process
dumpsysinfo – dumps all system information to screen
exitOnIdle – allows user to terminate the session after being idle for n seconds
syslog – syslog related commands
echo – seriously, you should know this
ifconfig – shows the interface configurations
ping – unleashes little robots that contact other things
ps – lists currently running processes
pwd – prints the working directory
sntp – secure network time protocol
sysinfo – provides brief ONT system information
tftp – trivial file transfer protocol commands
voice – used for voice related service
arp – address resolution protocol commands
defaultgateway – default gateway related commands
dhcpserver – dynamic host configuration protocol related commands
dns – domain name resolution related commands
lan – commands relating to the LAN interface(s)
lanhosts – lists current LAN devices
passwd – changes the current password
ppp – access to point to point protocol commands
restoredefault – performs factory reset on ONT
route – commands related to L3 routing
save – save the configuration
swversion – prints the current software version
uptime – displays the ONT uptime
wan – commands related to the WAN interface
calixdebug – dumps calix related information
calixfile – commands related to the calix files


Commands Expanded


addbr <bridge> add bridge
delbr <bridge> delete bridge
addif <bridge> <device> add interface to bridge
delif <bridge> <device> delete interface from bridge
setageing <bridge> <time> set ageing time
setbridgeprio <bridge> <prio> set bridge priority
setfd <bridge> <time> set bridge forward delay
sethello <bridge> <time> set hello time
setmaxage <bridge> <time> set max message age
setpathcost <bridge> <port> <cost> set path cost
setportprio <bridge> <port> <prio> set port priority
enableportsnooping <bridge> <value> 0-disable 1-standard 2-blocking
enableproxymode <bridge> <value> To enable 1 or disable 0
show show a list of bridges
showmacs <bridge> show a list of mac addrs
addmacs <bridge> <ifname> <mac> add mac addresses to the bridge table
delmacs <bridge> <ifname> <mac> remove mac addresses from the bridge table
deldynmacs <bridge> <ifname> remove all dynamic mac address from the bridge table
showstp <bridge> show bridge stp info
stp <bridge> {on|off} turn stp on/off
mldenableportsnooping <bridge> <value> 0-disable 1-standard 2-blocking
mldenableproxymode <bridge> <value> To enable 1 or disable 0
enableigmplan2lan <bridge> <value> 0-disable 1-enable
enablemldlan2lan <bridge> <value> 0-disable 1-enable
flows <bridge> <rxif> <txif> To setup layer 2 flows to the path (rxif->txif)
enableigmpratelimit <bridge> <value> 0-disable, 1..500-packet rate
eponuniunictrl <bridge> <value> 0-disable 1-enable
showmaclmt <bridge> show a mac limit of bridge


 -P POSIX output format
 -k 1024-byte blocks (default)
 -a Show all filesystems
 -i Inodes
 -B SIZE Blocksize


Usage: loglevel get appname
       loglevel set appname loglevel
where appname is one of: httpd, tr69c, smd, ssk, telnetd, sshd, consoled, upnp, dnsproxy, , mcpd, vodsl, dectd, wlmngr, linmosd
loglevel is one of "Error", "Notice", or "Debug" (use these exact strings).


Usage: logdest get appname
       logdest set appname logdest
where appname is one of: httpd, tr69c, smd, ssk, telnetd, sshd, consoled, upnp, dnsproxy, linmosd
loglevel is "Standard Error", "Syslog" or "Telnet".


Usage: mdm setpv <full path to parameter value> <param value>
       mdm getpv <full path to parameter value>
       mdm addobj <full path to object>
       mdm delobj <full path to object instance>
       mdm setnonpersistent <full path to object instance>
more subcommands will be added later.


Usage: meminfo [app name] [operation]
 App name can be httpd, tr69c, or ssk. If app name is omitted, then the operation is done for CLI app.
 operation is one of stats, traceAll, trace50, traceClones. If operation is omitted, then stats.
 meminfo : dumps the memory stats as seen by the CLI app. Same as meminfo self stats.
 meminfo ssk : send a message to ssk to tell it to dump its memory stats. Same as meminfo ssk stats.
 meminfo httpd trace50 : send a message to httpd to tell it to dump last 50 leak tracing records
 meminfo traceClones : tell this CLI app to dump leak trace records with 5 or more clones.

psp – I don’t know what this command does

Usage: psp list
       psp dump xxx
       psp delete xxx
       psp clearall
       psp help


Usage: tftp [OPTIONS] HOST [PORT]
Transfer a file from/to tftp server
 -l FILE Local FILE
 -r FILE Remote FILE
 -g Get file
 -p Put file
 -g -t i -f filename server_ip Get (flash) broadcom or whole image to modem
 -g -t c -f filename server_ip Get (flash) config file to modem
 -p -t f -f filename server_ip Put (backup) config file to tftpd server


voice --help - show the voice command syntax
voice show - show the voice parameters
voice show stats - show call statistics
voice show cctkmemstats - shows memory allocation statistics
voice show cctkcmstats - shows Call Manager & CCTK statistics
voice start - start the voice application
voice sendUpldComplete - send the upload complete message to ssk
voice stop - stop the voice application
voice save - store voice params to flash
voice reboot - restart the voice application
voice set <param> <arg1> <arg2>.. - set a provisionable parameter
List of voice set params and args:
defaults <None> - Default VoIP setup
boundIfname <LAN|Any_WAN|(WAN IfName, e.g. nas_0_0_35)> - vodsl network interface
ipAddrFamily <IPv4|IPv6> - IP address family
pstnDialPlan <pstn line#> <dialPlan> - PSTN dial plan
pstnRouteRule <pstn line#> <Auto|Voip|Line> - PSTN Route rule
pstnRouteData <pstn line#> <line #|URL for VOIP> - PSTN Route data
locale <srvPrv#> <region> - 2 or 3 character code
DTMFMethod <srvPrv#> <InBand|RFC2833|SIPInfo> - DTMF digit passing method
hookFlashMethod <srvPrv#> <SIPInfo|None> - Hook flash method
transport <srvPrv#> <UDP|TCP|TLS> - transport protocol
srtpOption <srvPrv#> <Mandatory|Optional|Disabled> - SRTP usage option
regRetryInt <srvPrv#> <seconds> - SIP register retry interval
regExpires <srvPrv#> <seconds> - Register expires hdr val
rtpDSCPMark <srvPrv#> <mark> - RTP outgoing DSCP mark
logServer <srvPrv#> <hostName|IP> - Log server
logPort <srvPrv#> <port> - Log server port
digitMap <srvPrv#> <digitmap> - dial digit map
T38 <srvPrv#> on|off - enable/disable T38
V18 <srvPrv#> on|off - enable/disable V.18 detection
reg <srvPrv#> <hostName|IP> - SIP registrar server
regPort <srvPrv#> <port> - SIP registrar server port
proxy <srvPrv#> <hostName|IP> - SIP proxy server
proxyPort <srvPrv#> <port> - SIP proxy server port
obProx <srvPrv#> <hostName|IP> - SIP outbound proxy
obProxPort <srvPrv#> <port> - SIP outbound proxy port
sipDomain <srvPrv#> <CPE_domainName> - SIP user agent domain
sipPort <srvPrv#> <port> - SIP user agent port
sipDSCPMark <srvPrv#> <mark> - SIP outgoing DSCP mark
musicServer <srvPrv#> <hostName|IP> - SIP music server
musicSrvPort <srvPrv#> <port> - SIP music server port
confURI <srvPrv#> <hostName> - SIP conferencing URI
confOption <srvPrv#> <Local|Refer participants|Refer server> - SIP conferencing option
tagMatching <srvPrv#> <on|off> - SIP to tag matching
timerB <srvPrv#> <time in ms> - SIP protocol B timer
timerF <srvPrv#> <time in ms> - SIP protocol F timer
lineStatus <srvPrv#> <accnt#> <on|off> - Activate line
physEndpt <srvPrv#> <accnt#> <id> - Phys Endpt
extension <srvPrv#> <accnt#> <URI> - SIP extension
dispName <srvPrv#> <accnt#> <Name> - SIP Display Name
authName <srvPrv#> <accnt#> <name> - SIP auth name
authPwd <srvPrv#> <accnt#> <pwd> - SIP auth password
MWIEnable <srvPrv#> <accnt#> <on|off> - Msg Waiting Indication
cfwdNum <srvPrv#> <accnt#> <number> - call forward number
cfwdAll <srvPrv#> <accnt#> <on|off> - call forward all
cfwdNoAns <srvPrv#> <accnt#> <on|off> - call forward no answer
cfwdBusy <srvPrv#> <accnt#> <on|off> - call forward busy
callWait <srvPrv#> <accnt#> <on|off> - call waiting
anonBlck <srvPrv#> <accnt#> <on|off> - Anonymous call rcv blcking
anonCall <srvPrv#> <accnt#> <on|off> - Anonymous outgng calls
DND <srvPrv#> <accnt#> <on|off> - do not disturb
CCBS <srvPrv#> <accnt#> <on|off> - Call completion on busy
speedDial <srvPrv#> <accnt#> <on|off> - Speed dial
warmLine <srvPrv#> <accnt#> <on|off> - Warm line
warmLineNum <srvPrv#> <accnt#> <number> - Warm line number
callBarring <srvPrv#> <accnt#> <on|off> - Call barring
callBarrPin <srvPrv#> <accnt#> <number> - Call barring pin
callBarrDigMap <srvPrv#> <accnt#> <digitmap> - Call barring digit map
netPrivacy <srvPrv#> <accnt#> <on|off> - Network privacy
vmwi <srvPrv#> <accnt#> <on|off> - Visual message waiting indication
vad <srvPrv#> <accnt#> <on|off> - enable vad
pTime <srvPrv#> <accnt#> <pTime> - packetization period
codecList <srvPrv#> <accnt#> <codec(1)[,codec(2)]> - codec priority list
rxGain <srvPrv#> <accnt#> <rxGain> - rxGain (dB)
txGain <srvPrv#> <accnt#> <txGain> - txGain (dB)
cctktracelvl <Info|Warn|Debug|Off> - CCTK tracelevel ( stop/start reqd)
cctktracegrp <CCTK|SCE|Trans|SDP|SIP|Misc|All|None> - CCTK concat tracegroups( stop/start reqd)
mgtProt <TR69|OMCI> - Protocol used to manage Voice
loglevel <general|cmgr|dispatch|sipcctk> <Error|Notice|Debug> - Vodsl module-specific log level


dect get <ac|mode|prom|linesetting|systemsetting|contactlist> [value] ...
dect set <ac|mode|prom|default> [value] ...
dect add <contact|call|handset> [value] ...
dect del <contact|call> [value] ...
dect hs <reg|ping|del|info> [value] ...
dect test <synctime|vmwi> [value] ...
dect start
dect stop
dect save
dect help [cmd]
dect info


There are a lot of commands for wlctl. Use this for reference.


laser param --load [<filename>]
laser param --dump default | current
laser power
laser power --rxinit <initial rx reading> <rx offset>
laser power --txinit
laser power --rxread
laser power --txread
laser txbias --read
laser temperature --read
laser voltage --read


wan add interface <atm|ptm|eth>
wan add service <interfacename> --protocol <bridge|ipoe|pppoe|ipoa|pppoa>
wan delete interface atm <port.vpi.vci>
wan delete interface ptm <port> --priority <normal|high|both>
wan delete interface eth <ethx>
wan delete service L3IfName
wan show interface
wan show [<port.vpi.vci>]
wan --help <bridge|pppoe|pppoa|ipoe|ipoa>


objinfo -Display mcpd object tree information.
meminfo -Display mcpd object memory usage information.
mcgrpmode -Set Multicast Group rules for categorizing ASM vs SSM. (iana|firstin)
configinfo -Display mcpd configuration.
reload -Reload mcpd configuration.
allinfo -Display all information


Usage: sys <gphytest|usbtest|usbchk|btt|ledctl|atsh|atwz|atqz|atsn|atgs|atgp|atmg|atsw|gpio|atbd|atrg|athp|atmi|atei|atri|ups> [sys command option]
            sys show
            sys help
  •  gphytest – More info here
    • tests LAN status I guess?
  • usbtest
    • tests the USB port status
  • usbchk
    • Shows the status of the USB port
  • btt
    • Controls a button status, but I am not sure if it is reset or WPS
  • ledctl – This is a fun one
    • AG – Turns on all green LEDs
    • AF – Turns on all red LEDs
    • B1 – Blinks all green LEDs at 1Hz
    • B2 – Blinks all green LEDs at 2Hz
    • B4 – Blinks all green LEDs at 4Hz
    • B8 – Blinks all green LEDs at 8Hz
    • BF – Blinks all green LEDs at 16Hz
    • ALL – Turns on all controlled LEDs
    • AO – Turns off all controlled LEDs
    • AA – Turns on all amber LEDs
    • BR1 – Blinks all red LEDs at 1Hz
    • BR2 – Blinks all red LEDs at 2Hz
    • BR4 – Blinks all red LEDs at 4Hz
    • BR8 – Blinks all red LEDs at 8Hz
    • BR16 – Blinks all red LEDs at 16Hz
    • BA1 – Blinks all amber LEDs at 1Hz
    • BA2 – Blinks all amber LEDs at 2Hz
    • BA4 – Blinks all amber LEDs at 4Hz
    • BA8 – Blinks all amber LEDs at 8Hz
    • BA16 – Blinks all amber LEDs at 16Hz
    • WpsInpro – Blinks the WPS LED
    • WpsOverLap – Pulsates the WPS LED
    • WpsError – Blinks the WPS LED red
    • WpsInPro_IPTV – Blinks the WPS LED amber
  • atsh
    • Displays information about the ONT unit
  • atwz
    • Shows the ONT MAC
  • atqz
    • Shows all the ONT MAC addresses
  • atsn
    • Shows the ONT serial number
  • atgs
    • Show the ONT GPON serial number
  • atgp
    • Shows the ONT GPON password
  • atmg
    • Show the ONT manufacturer information
  • atsw
    • Dunno, it breaks the session
  • gpio
    • Dunno, not a very good help prompt
  • atbd
    • Turns on or off the battery signal detection
  • atrg
    • Show the ONT region code
  • athp
    • Show the ONT part number
  • atmi
    • Show the ONT module number
  • atei
    • Show the ONT CLEI code
  • atri
    • Show the ONT remote inventory version
  • ups
    • Show the ONT battery status


This command allows the user to perform basic file maintenance operations on the Calix generated persistent debug files stored on the 800SG series ONTs
Usage: calixfile <target>:[action]
       target [ help | all | port | global | panic | diag |logs ]
       action [ trim | delete | ls | dump ]
       example: calixfile port:ls logs:ls
        help or ? outputs this help screen
        all, port, global, panic, diag, logs are types of persistent data stored in the FLASH memory on the unit. At least one of these targets is required. Entering the command: calixfile without a target outputs this help screen
               trim - clears the current contents of the file
               delete - removes the file from the FLASH, some files are not removable and will be resized to 0 bytes instead.
               ls - performs the linux ls -l command for a given type of file
               dump - outputs the contents of the specified target type files

Commands are executed from right to left on the command line
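
The right-to-left order in the help text above matters when a destructive action (trim, delete) shares a line with dump. The following is an added example in Python, not Calix code and not from the original post: it parses a calixfile line into execution order and flags a dump that would run after the data was already cleared. It assumes every token is written as target:action and that the "all" target includes every other type.

```python
"""Check and build `calixfile` command lines (added example, not vendor code)."""

# Targets and actions as listed in the help text above ("help" is not modelled).
TARGETS = {"all", "port", "global", "panic", "diag", "logs"}
ACTIONS = {"trim", "delete", "ls", "dump"}
DESTRUCTIVE = {"trim", "delete"}


def _check(target, action):
    if target not in TARGETS or action not in ACTIONS:
        raise ValueError(f"bad step: {target}:{action}")


def parse(cmdline):
    """Return (target, action) pairs in the order the device executes them."""
    words = cmdline.split()
    if not words or words[0] != "calixfile":
        raise ValueError("not a calixfile command")
    typed = []
    for tok in words[1:]:
        target, sep, action = tok.partition(":")
        if not sep:
            raise ValueError(f"expected target:action, got {tok!r}")
        _check(target, action)
        typed.append((target, action))
    if not typed:
        raise ValueError("no target given; the device would only print help")
    # Help text: commands are executed from right to left.
    return list(reversed(typed))


def _overlaps(a, b):
    # Assumption: "all" covers every other target type.
    return a == b or a == "all" or b == "all"


def data_loss(steps):
    """Find dumps that execute after a trim/delete of the same data.

    `steps` is in execution order. Returns (destructive_step, dump_step) pairs.
    """
    problems = []
    for i, (t1, a1) in enumerate(steps):
        if a1 not in DESTRUCTIVE:
            continue
        for t2, a2 in steps[i + 1:]:
            if a2 == "dump" and _overlaps(t1, t2):
                problems.append(((t1, a1), (t2, a2)))
    return problems


def build(steps):
    """Build the line to type so that `steps` execute in the given order."""
    for target, action in steps:
        _check(target, action)
    if data_loss(steps):
        raise ValueError("a dump would run after its data was cleared")
    # Reverse, because the device reads the line right to left.
    return "calixfile " + " ".join(f"{t}:{a}" for t, a in reversed(steps))


if __name__ == "__main__":
    # Constructed inputs: the first line reads naturally left to right
    # ("dump, then trim") but executes as trim, then dump.
    for line in ("calixfile logs:dump logs:trim", "calixfile logs:trim logs:dump"):
        print(line, "->", data_loss(parse(line)) or "ok")
    print(build([("logs", "dump"), ("logs", "trim")]))
```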



CMS Northbound Interface Integration

When designing the fiber management system (FMS), one feature that is heavily needed is a way to provision, change, delete and query customer hardware. Being a Calix shop, we have our access hardware, and a CMS (Calix Management System) which aggregates all of our access systems together. The result is a one stop shop where ONTs can be managed across one interface. Upon our first deployment, we used the CMS client to provision and manage all of our ONTs for customers. We quickly hated using the client for most of our operations. Now, I am in no way trying to bash on Calix’s software, I believe CMS is a great tool. The client on the other hand… I cannot say the same.

CMS features a northbound interface, which uses an XML HTTP request to exchange information between CMS and 3rd party applications. The CMS API is by far my most favorite/hated feature of CMS. The ability to use any language to make and retrieve requests is awesome, but can be difficult in some languages. Let me provide a bit more information. My FMS system uses PHP for a majority of its server side rendering. I know how bad PHP is, but the need to make the system web accessible from any device drastically limited my options. Further details on why I used PHP will be made available in later posts. The access diagram for the FMS is below.


Since PHP is a server side translator, it allows our information to be processed within the same network as our CMS server, ultimately allowing clients to process information in the management VLAN where the CMS and Calix equipment resides. With the ability to serve clients with data via web, any mobile or web accessible device can use the FMS.


Tying it all in

Given my current situation, I cannot explain in detail what I have fully done with this API, but what I can explain are some of the modules we tied the northbound interface in with. Some modules that reside within the FMS are: customer records and basic inventory. Which means that we can record our ONT inventory and tie it in with customers, allowing me to know exactly what customer has what piece of equipment. Further with the northbound interface module, I can use the inventory data to generate a configuration linked with a customer and have one click customer provisioning. Behold! I have made our jobs so much easier! Upon creating a customer, I can provision an ONT in under 15 seconds, record where it is going, where it was and I don’t even have to unpack the unit. I can hand it to an installer, who installs it at a customer’s house, plugs it in, turns it on and it provisions instantly. Now, while a lot of this does not involve the northbound interface, you can see how I have taken three tasks and combined them into a fluid cycle. (Note, this cycle does not work for everyone, or every deployment, which is why I am currently redesigning the process). Inventory is linked to a customer, and linked to CMS, and the installer does not have to carry a buttset around and punch in registration IDs. I wish I could explain more, because with the addition of other modules, and more detail, A LOT more cool stuff can be automated.


Building the module, take one

When I first designed this module, I honestly knew almost zero about HTTP requests, Python, XML, SOAP, PHP, JS and Love. Refrain from laughing as much as possible when you see my code and keep in mind that I was learning. Also keep in mind that once I got this working, it became the bomb-diggity for our company. I decided to use Python, because WHY THE HECK NOT?!? Mostly I was aware of how bad PHP was, and I wanted to make the service available even in non web based environments (Yes, I am aware that CLI PHP is a thing, but still I wanted to refrain from using it as much as possible). So I got to work writing Python scripts that would take in FSAN numbers, ONT IDs, bandwidth profiles and everything else as arguments. I could then process it and spit out the result. The code was messy, some outputs were XML, others were strings, and some just returned a 1 or 0. If you want to see how bad it is, here is the link to the GitHub repo. A lot has changed and is not reflected there. It is now a lot more structured and allows for provisioning of SIP services, RG interfaces, and other stuff.


Provisioning was a simple three click process, auto assigned the ONT to a customer, and made a note in the inventory on the whereabouts of an ONT. It even allowed for error checking, allowing us to make sure things went smoothly during the provisioning process.


CMS integration was a module added in the early stages of the FMS development. After the module was created, it didn’t really change, mostly because it just worked. Only recently have I had to make drastic changes to the FMS, which pretty much required a redesign of the whole module.

The process effectively went from this


to something like this


🙁 I am sorry that I cannot show you the inner workings of my new process, but I have been instructed that I cannot display the secret sauce. As you can see, this new flow is a lot more structured and has a lot more going on. What I can explain is what makes the system a heck of a lot better than before.


Dynamic, TO THE MAX

One benefit this new module brings is the added dynamic that previously did not exist. The old code relied on a config file that stored all of the variables for connecting to CMS.


This limitation allowed you to only query one system from one CMS server. The new module allows for dynamic addition and deletion of systems, meaning that multiple CMS hosts with multiple access systems can be queried.

One feature, or rather a byproduct (but it works as a feature), is that the result is transferred to the client as an HTTP request. This allows AJAX queries from server to client to occur instantly and be encoded in JSON. I effectively created an API for an API :P. I feel that there is potential to allow access from 3rd party devices/systems in the future.

I must wrap up this post, but before I do, I want to show you a screenshot of what kind of useful data is possible through the new Calix-NIAPI module.


It is certainly cool what can be done when you tie services into one another! If you have questions regarding this system, processes involved please contact me at


print_r(“hello world”);

First post!

If you are unfamiliar, I am currently working on a Fiber Management System for my job, which includes all aspects of maintaining and building a fiber network (I know, a lot). This post is the kick off of something that has already taken 8 months of my life, and I believe will consume many more in the future. Follow along as I fumble through work, attempting to grasp concepts and lingering issues with coding and office politics.

My hopes are to eventually release this software as a service to smaller ISP’s wishing to deploy and maintain fiber networks. After all, that is its main purpose.


Hoodland Library Transition

Last month, SandyNet had to get Internet connectivity from the old Hoodland library, across the street, to the new one. Part of the switch required a new line to be drug from our splice case on Welches road to the new library. Northsky got an OFS 24 pair (I think?) to the site, but left it coiled up outside. So, the team and I performed the first ever SandyNet aerial splice.

In addition, Chris and I did a tower climb a week or so later and drug 16 Ethernet cables up our Waybill tower. From there, we performed a few rescue training exercises, and called it a day.


It has been a while since my last post, and a lot has happened since then. I have spent a lot of time writing a piece of software and customer, record, helpdesk management system.

Introducing Speedtest Stats!

Within the past couple of months, we set up a speedtest server, that our customers, and everyone else can test to, to see how fast their internet is to Sandy, OR. All tests and accessible information are stored on OOKLA’s reporting site, and can be downloaded in a CSV format. What we wanted to do is graph this data. Instead of using an MS product like Excel to graph data, and updating records and adding new tests to an existing table, I thought I would make a PHP/MySQL driven site to graph statistics. The project was fun, and when I was done, I wanted it to be publicly accessible and usable. For that reason, I got approval from my boss to place the project on GitHub.

Version 0.1.1 is out, and it will probably stay that way. I figured, maybe someone else out there wants to be able to graph their speedtest data. Maybe. We have over 15,000 tests in the past couple of months, making a sql driven approach mighty attractive. Take a look at the screenshots below to see what it all does!


Now, I have never really polished a project, and this is the closest I have ever been to one. It gets the job done, and takes a little bit of configuration, but it does work, and people can download it and modify it to their liking.

The Xen Struggle is Real

I woke up at 6am this morning to a phone call from my boss. Barely awake, I answered in a very tired voice, “Hello.” His response was “The Xen environment is down.” I mean, it is read only Friday, this isn’t supposed to happen. Now, our environment is pretty small, but it runs all of our critical services, DNS, DHCP, AD, Monitoring, File storage. I had my boss ssh into the box and see if there were any zombie processes. Sure enough, there were. Now, before, we had processes become zombies when our log files filled up the log partition and made everything choke. Now this was on XenServer 5.6 and things are different now. I was able to assign myself a static IP from my room and get into XenCenter, to find all of our hosts in maintenance mode. This would explain the zombie processes and the reason no VMs were on the hosts. I attempted to bring each one out of maintenance mode, but received an error (see below).


I got into the console of the master, and ran xe pool-ha-disable and boom, I was able to spin up all of our VMs. Once we restored service to the city, I attempted to think about what caused this issue. Obviously it was related to HA, but why would that cause all of our VMs to stop running? Part of the solution was found in the alerts section of XenCenter.



After cycling through each host, HA ran out of working hosts to break, so it just killed all of our VMs and placed all of the servers into maintenance mode. Since I was still really tired, and wanted to get some sleep before my classes, I told my boss to open a case with Citrix, and have them dig through the logs. I went back to bed.

Turns out our NIC drivers were out of date, and it caused instability within our hosts. The resolution was to install some updated drivers from XenServer 6.2. It would seem that the upgrade to 6.5 wiped the already updated drivers, and they needed to be re-installed. Woot! The same day, I made my drive back up to Sandy, and did late night BIOS upgrades of our IBM and Dell hosts, and installed updated Broadcom and Intel NIC drivers. I followed the guide from a Citrix support page to upgrade them. The upgrade took no time at all, but the migration of VMs over a 1Gbps connection was more than slow. After rebooting each host, the applied drivers should resolve our issue. This upgrade was performed on 4/3/15 and we have not had any reported issues yet.

We still have a case open with Citrix though, and we have not re-enabled HA just yet. I am waiting to find time to call and chat with them. According to my boss, if we call back in, they can assist and help get HA configured, tested and stabilized. I’ll update this post when that is completed, and show the results and process.

In addition, I made a post over at /r/citrix regarding my frustrations. The responses didn’t quite yield the response I was looking for, but were none the less interesting.


Migrating from IE9 to IE11

Now, I have put off this task for a long time. IE9 is old and crappy. I remember when it came out in 2011, and promised speeds as fast as Firefox 3.6… Well it turns out, every federal or state law enforcement site requires its users to use IE8. Custom ActiveX applets and other junk that they use to ‘secure’ data are so custom that they are only compatible with a specific version of IE, which is not secure. The fact that I have to use an old, non supported version of IE to ‘securely’ which is incredibly stupid. Diverting from Law Enforcement, other sites that are not standardized require the use of IE9 in compatibility mode just to display data correctly (I am looking at you Granicus).


Now, the form of this post is step by step instructions of what I have done. As you read through it, I may make a change, and then end up reverting it, because it sucked. Do not follow this as a guide, but rather use it as documentation. I will most likely provide some form of process once I finish the migration.

3/11/15 – I decided to actually start preparing for the migration. For the longest time our WSUS server has denied the deployment of IE10 and IE11.

3/12/15 – Microsoft announced that an update, KB3033929 causes boot loops in Windows 7. This scares me, since I thought the installation of IE11 caused issues.

3/17/15 – It seems that Microsoft has been releasing a bunch of updates lately, and there is a huge bundle of them that need to be installed. IE11 has currently caused no problems, and is slowly being installed on other computers. Let’s continue to hope, as things move along smoothly. We have only had a few cases of our servers logging in with this error. It seems to have been resolved by updating the remaining updates for IE11 after the initial install.

3/22/15 – According to Lansweeper, most of our computers have been upgraded to IE11, and we haven’t had any issues so far. Fingers crossed that it won’t cause any more issues.


As of 3/22/15 it looks like there are no current issues. Either law enforcement and state sites are being updated, or IE is working better, or compatibility mode is working well enough. It was decided that if a site has issues with IE11, we will set users up with a XenApp subscription where they can use a remote app for IE9. With this setup, we hope we can keep IE up to date and secure, while still allowing access to any site.

XenServer upgrade from 6.2 to 6.5

XenServer 6.5 debuted in January of 2015, and naturally I wanted to wait a little before upgrading to a new major release in our production environment. That time came on March 21st, 2015. I scheduled to perform a pool upgrade to 6.5 after hours. This post will consist of the upgrade process, any issues that arose and the result and thoughts about the new version of XenServer. Release notes for XenServer can be found here.

Prepping for the upgrade – I learned the hard way when doing a rolling pool upgrade from 6.02 to 6.1: always read the documentation before upgrading. I logged into Citrix and looked over the upgrade process for XenServer 6.5 under the XenServer Installation Guide. I performed the database backup and offloaded it through SFTP. Then I downloaded XenServer 6.5 and uploaded the extracted files to an FTP site. After doing a few small housekeeping tasks (shutting down non critical VMs), I was ready to begin the upgrade.

Attempt 1 – I first tried to do an automatic rolling pool upgrade via FTP. After applying one last hotfix, I began to start the pool upgrade. The master rebooted, and said it was installing. After about 20 minutes an error came up that it had failed. Instead of trying to troubleshoot it, I burned XenServer to a CD and began the upgrade again only this time, in manual mode.

Attempt 2 – This process is a little longer, but I feel more confident upgrading via CD rather than an FTP site, since, after beginning the upgrade process, I realized that my FTP site was on a virtual machine hosted by the Xen hosts. Shouldn’t have really mattered, but still not super settling. The master took the upgrade no problem, and I then began on the other two hosts. As I waited for machines to migrate, I spent a large amount of the time listening to music and surfing reddit. Each Xen host upgraded, and there were no other problems.

My thought on why the pool failed to update automatically is that I didn’t point the Xen Installer to the proper FTP directory. Either way, the manual upgrade worked flawlessly, it just took a bit more time than I expected.


The only thing that annoyed me was the amount of alerts and notifications that showed up.

I started the upgrade at 11pm, and finished up around 2:30am. It was by far the easiest XenServer upgrade I ever performed, and I am hoping that we will see a noticeable increase in performance. Having a x64 Dom should be nice, and updated templates will allow us to begin upgrading our Ubuntu servers to 14.04 LTS.

Although, I don’t know if anything is really broken. Our monitoring systems are having no issues, but we’ll see on Monday if users have any issues.


Customer Configuration of Calix 844 GigaCenter’s

We have been deploying Calix 844’s for the past few months at SandyNet, and we have had almost no issues, and have received almost no complaints regarding the units. Calix did a great job designing these units, and in my personal opinion, they are a large step up from the 836g units. Receiving them almost hot off the production line, we quickly rushed these things to deployment, and I will admit, I think they are one of the big reasons our fiber deployment has been so successful so far. From a customer standpoint, they need basic services such as reliable fast internet, dual band WiFi and an easy to use UI. The GigaCenter combines all of those main features, and more, into one slick looking box. We can even remote manage these boxes, so if a customer does not know how to change their SSID or security key, we can now do it from the comfort of our office (through consumer connect), instead of making a house call for a five minute fix. So far, we have been extremely satisfied with these ONT’s, since they simply work. Time and time again, at SandyNet, we have acquired different devices in hope of finding a solution that simply works. We did not find it in Ubiquiti, Ruckus, Proxim, Mikrotik, etc. Mixing and matching these pieces of hardware in a production environment can sometimes result in a lot of problems (like trunking between Mikrotik and Cisco). Building a standalone Calix system from the ground up has been an overwhelmingly pleasant experience. Okay, I will admit, it was rough until we understood the system and how to configure it, but once we got our bearings, it was pretty smooth sailing. Some minor issues were firmware bugs that were quickly resolved. And we mean quickly. We’re not talking about firmware upgrades that take six months and are more detrimental than useful, *cough* UBNT. Simple problems with memory leaks or incompatibility with 844’s and some new Macintosh’s were resolved in a very reasonable time.
Firmware upgrades are a breeze, and overall, having such a great ONT has already saved us so much time, and has allowed us to focus on other projects and problems such as continuing the deployment of our fiber network.

From a technician standpoint at SandyNet, the provisioning of an ONT is very easy. We pull the unit off the shelf in the morning, input the FSAN into CMS and record it in our database, and send the unit out with our installer to be placed in a customer’s home. Once installed, the ONT upgrades its firmware, reboots and then applies its configuration. That is all there is to it. The customer is now online. One unit combines Ethernet, WiFi, RJ-11 ports and modem in one box. Customers no longer need to purchase a wireless router, and most of our deployments contain only an 844. The simplicity of the device makes it mighty attractive to our customers and us, since it is less complicated for the customer, and it is all squeezed into one device that we can manage easily. Most of our customers do not know how to change their WiFi options, or what the best practices are, so they often call in after being installed, requesting us to help configure the device. Other customers have enough background knowledge to log in locally and change their options. Either way, the setup is mo-betta than our previous infrastructure.

Now, all I have done is praise Calix for these units. That is not all I intend to do. Some customers have searched for help in configuring their ONT 844’s, and that is what is next.

Configuration of the 844

Our installers should be placing a sticker on the ONT that lists the factory default settings for the modem. It should include the SSID and Key to connect to the WiFi, and the default IP for the web interface on the device. Below that, there is a username/password that is the default login info for the device. Before customizing your modem, complete the following.

Connect the computer you are using to configure the modem to one of the Ethernet ports on the ONT. If you are changing WiFi settings over WiFi, you’re gonna have a bad time. Once you are connected through a patch cable, you may open up your favorite browser and navigate to the gateway IP (Generally and input the username and password (Username: admin, Password: *checkthesticker*). You should be greeted with a friendly looking page like below.



From here, we have a few options:

Status – shows information regarding the unit and its current state, including devices, WiFi configuration and any associated devices.

Quick Start – is a simple configuration wizard that helps customers quickly configure their ONT.

Wireless – provides all options for configuring any WiFi related feature.

Utilities – provides troubleshooting programs to help determine possible problems, or view log information

Advanced – holds all of the less common options for ONTs including port forwarding, QoS, Routing and Network options

Support – provides details when receiving help from a SandyNet technician

Most of the configuration will simply be done under the Wireless tab, since everything else is pre-configured, or not commonly changed.


Under the Wireless tab, there are four side menu buttons, 2.4G Network, 5G Network, Advanced Radio Setup and WPS. For the sake of making this simple, we are only going to operate within the 2.4 and 5 G Network buttons.

Note: 2.4G is currently the most common frequency for WiFi, so this radio should probably be used. 5G is standard on all devices within the past couple of years, and can be enabled if your devices support it.

First, let’s make sure we have the 2.4 radio turned on. It is on by default, but select the Radio Setup button under the 2.4G Network button on the left-hand side. Make sure the Wireless radio is set to on and not off. Hit apply after you have made your change.


Next, let’s give our 2.4GHz network a good name. Select the SSID Setup tab and select the SSID that is named CXNKXXXXXXXX and make sure it is enabled. Now you get to be creative (or not so creative) and change the name of your wireless network. A lot of our customers want to keep their previous WiFi configuration, so if you wish to do so, fill out the Rename SSID box with your previous wireless network name (it is case sensitive). If not, come up with a good identifier for your WiFi, and no, FBI-surveillance-van-3 is not a good name, since everyone seems to set their WiFi to that.



Hit apply and let’s move on to security.

Under the security button, you will need to now select your newly renamed SSID from the dropdown menu labeled SSID (Network Name). Now we get to select the security type.

The following options are available:

WPA-WPA2-Personal – Combines both encryption methods of WPA and WPA2 for maximum compatibility of devices. This will accept the passphrase in both encryption levels, making it less secure than WPA2, but the most functional across all devices.

WPA2-Personal – The strongest encryption method for WiFi at the time of this article. Any devices that are not WPA2-compatible will be unable to connect, so make sure all of your devices are compatible.

WEP – Is extremely weak, and in my book is not encryption. There is no algorithm, just a HEX code encrypting the data, making it extremely insecure.

Security-Off – makes the network open for anyone to connect. There is no password.

Pick your desired security type and then move on to the encryption type. For WPA and WPA2, I recommend AES, since it is the best. For compatibility you may enable TKIP or both.

Now you can set your security key. If you wish to keep the ridiculously long default key, be my guest, but most people want to name it after their pet or something easily guessable. Hit the button Use Custom Security Key and type in your key. Hit Apply when you are done.
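To make the trade-off between the long default key and a pet-name key concrete, here is an added example (not Calix or SandyNet code) that checks a candidate WPA2-Personal key before you type it in, and shows that WPA/WPA2-Personal derives the actual key material from both the passphrase and the SSID. The function names, the small `GUESSABLE` word list and the 60-bit threshold are assumptions made for this illustration.

```python
import hashlib
import math
import string

# Constructed sample of guessable words (pet names, defaults); a real check
# would load a much larger wordlist. This list is an assumption.
GUESSABLE = {"password", "fluffy", "buddy", "bella", "sandynet", "12345678"}
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " ")

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-Personal key derivation: PBKDF2-HMAC-SHA1 with the SSID
    as salt, 4096 iterations, 256-bit output."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def estimate_bits(passphrase: str) -> float:
    """Upper-bound entropy estimate from the character classes in use."""
    pool = sum(len(cls) for cls in CLASSES if any(c in cls for c in passphrase))
    return len(passphrase) * math.log2(pool) if pool else 0.0

def check_key(passphrase: str, ssid: str, min_bits: float = 60.0) -> list:
    """Return a list of problems; an empty list means the key passed."""
    problems = []
    if not 8 <= len(passphrase) <= 63:
        problems.append("length must be 8-63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        problems.append("only printable ASCII is allowed")
    lowered = passphrase.lower()
    # "Fluffy2015" is still "fluffy" once trailing digits/symbols are dropped.
    stripped = lowered.rstrip(string.digits + string.punctuation)
    if lowered in GUESSABLE or stripped in GUESSABLE:
        problems.append("dictionary word or name, possibly with digits appended")
    if ssid and ssid.lower() in lowered:
        problems.append("contains the SSID")
    if estimate_bits(passphrase) < min_bits:
        problems.append("estimated entropy below %d bits" % min_bits)
    return problems

if __name__ == "__main__":
    for key in ("Fluffy2015", "kV9#tq2LmZ7!pR4w"):  # constructed sample keys
        print(key, "->", check_key(key, "HomeNet") or "ok")
```

The entropy figure is only an upper bound based on character classes, so a key that passes can still be weak if it follows a common pattern; the randomly generated default key on the sticker avoids that problem.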



Woot! You have configured your 2.4G network to be whatever you wanted! If you wish to enable the 5G network, do the same thing under the 5G button.


As you can see, the Calix GigaCenter UI is very easy to use, and pleasing to the eye. Configuration of WiFi is extremely simple, not to mention its super dooper range! 🙂 We are happy with these devices, and we believe customers are too. Like always if you have questions regarding me, my poor humor or how I became such an awesome person, email me at But if you are a customer in need of help with WiFi, SandyNet or the City of Sandy contact them, not me at: or call 503-668-2923, and you might get me on the line!